Authentication required window popping up after 7u21 update


Problem description

I've been working on a project for the last 6 months. For this project I have a glassfish server instance where a webservice is deployed. At the client side, I'm using JavaFX2.2 which does REST requests with Jersey (XML requests/responses, no JSON) with BASIC authentication.

When the user starts the program (JWS/JNLP), normally they just enter their credentials in a self-made login window, press the login button and start working. Since 7u21 however, I got an extra Java "Authentication Required" pop-up for some reason (probably because of the changed security in 7u21).

To be sure it had nothing to do with compatibility issues between Java versions, I updated the server as well to 7u21, so:

  • Client: updated java from 7u17 to 7u21
  • Server: updated java from 7u09 to 7u21, adjusted glassfish asenv.bat file to use the new jdk

If I hit the cancel button in the "Authentication Required" window shown above, the program does start though, but it does not run stably when doing requests:

java.io.IOException: stream is closed
file:/D:/NetBeansProjects/MIT_20130516/CL_KenoM/dist/CL_KenoM.jar!/GUI/cow/ListCow.fxml
  at com.sun.jersey.api.client.ClientResponse.close(ClientResponse.java:615)
  at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:570)
  at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:535)
  at com.sun.jersey.api.client.WebResource.handle(WebResource.java:696)
  at com.sun.jersey.api.client.WebResource.access$300(WebResource.java:74)
  at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:512)
  at DA.CowsClient.getCowsByUserId(CowsClient.java:96)
  at GUI.cow.ListCowController.initialize(ListCowController.java:728)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2152)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2028)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2744)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2723)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2709)
  at javafx.fxml.FXMLLoader.load(FXMLLoader.java:2696)
  at Classes.Context.showContentPane(Context.java:186)
  at GUI.user.ListUserController.openAddData(ListUserController.java:389)
  at GUI.user.ListUserController.access$100(ListUserController.java:55)
  at GUI.user.ListUserController$8.handle(ListUserController.java:657)
  at GUI.user.ListUserController$8.handle(ListUserController.java:652)
  at com.sun.javafx.event.CompositeEventHandler.dispatchBubblingEvent(CompositeEventHandler.java:69)
  at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:217)
  at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:170)
  at com.sun.javafx.event.CompositeEventDispatcher.dispatchBubblingEvent(CompositeEventDispatcher.java:38)
  at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:37)
  at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92)
  at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:35)
  at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92)
  at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:35)
  at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:92)
  at com.sun.javafx.event.EventUtil.fireEventImpl(EventUtil.java:53)
  at com.sun.javafx.event.EventUtil.fireEvent(EventUtil.java:33)
  at javafx.event.Event.fireEvent(Event.java:171)
  at javafx.scene.Scene$ClickGenerator.postProcess(Scene.java:3117)
  at javafx.scene.Scene$ClickGenerator.access$8600(Scene.java:3055)
  at javafx.scene.Scene$MouseHandler.process(Scene.java:3337)
  at javafx.scene.Scene$MouseHandler.process(Scene.java:3168)
  at javafx.scene.Scene$MouseHandler.access$1900(Scene.java:3123)
  at javafx.scene.Scene.impl_processMouseEvent(Scene.java:1563)
  at javafx.scene.Scene$ScenePeerListener.mouseEvent(Scene.java:2265)
  at com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(GlassViewEventHandler.java:250)
  at com.sun.javafx.tk.quantum.GlassViewEventHandler$MouseEventNotification.run(GlassViewEventHandler.java:173)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.javafx.tk.quantum.GlassViewEventHandler.handleMouseEvent(GlassViewEventHandler.java:292)
  at com.sun.glass.ui.View.handleMouseEvent(View.java:528)
  at com.sun.glass.ui.View.notifyMouse(View.java:922)
  at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
  at com.sun.glass.ui.win.WinApplication.access$100(WinApplication.java:29)
  at com.sun.glass.ui.win.WinApplication$3$1.run(WinApplication.java:73)
  at java.lang.Thread.run(Unknown Source)

com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: stream is closed

This error happens randomly when using a GET method (haven't tested with PUT or DELETE), in this case it was the getCowsByUserId() method:

public List<Cows> getCowsByUserId(int id) throws UniformInterfaceException {
    WebResource resource = webResource;
    resource = resource.path(java.text.MessageFormat.format("cows/user/{0}", String.valueOf(id))); //this is line 96
    List<Cows> list = resource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML).get(new GenericType<List<Cows>>() { });

    return list;
}

The funny part is, when I start the program through NetBeans or with the .jar file instead of .jnlp, everything works as intended (no extra authentication pop-ups, no errors)... so this must have something to do with Java Web Start, I guess?

EDIT 28 May 2013:

I did some further research by comparing the java console tracing/debugging logs from 7u17 and 7u21. I noticed the following in the 7u21 log:

security: Trust for: http://<url>/lib/jersey-core-1.17.jar has ended: Thu Jan 01 01:00:00 CET 1970
security: Validate the certificate chain using CertPath API
security: SHA-256 finger print: <bunch of chars>
security: The certificate hasnt been expired, no need to check timestamping info
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Start comparing to jurisdiction list with this certificate
basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
security: JAVAWS AppPolicy Permission requested for: http://<url>/lib/jersey-core-1.17.jar

The first line does not show up in the 7u17 log, so it has something to do with signing the jars? It shows the same thing for multiple jar files. When building the project, everything gets signed with a self-made keystore; is this the big problem? Does this mean that JNLP will only work decently if the jars are signed with a certificate created by a trusted CA (which isn't free, of course)?

EDIT 04 June 2013:

I bought myself a code signing certificate from GlobalSign, installed it onto my machine. Converted the PFX certificate file to a Java Key Store (JKS) and used that one to sign my jars (in Netbeans). Afterwards verified the jars and all seems to be ok. However, I updated the files on the webserver, launched the program through the JNLP file but still the same behavior.. time to get desperate!

EDIT 06 June 2013:

Alright, started a different approach. As a matter of test I tried to fetch XML data by using HTTPUrlConnection() instead of Jersey:

I get the same 'Authentication Required' window when doing an HTTP GET request when using 7u21. With 7u17 I get the XML response. Still nobody got a clue what could be wrong? Could this have something to do with my using BASIC authentication? Could this be server related? Could this have something to do with the JNLP file? The more answers I search for this question, the more questions I have it seems :)

Solution

My answer to your follow-up question should also answer this question.

In short: Java Web Start caches HTTP responses by default in JDK7 and you have to set the Cache-Control header to "no-cache, no-store" on your client request and on the responses by the Jersey REST service.
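
The header change described in the answer, sketched for the Jersey 1.x client and service the question uses. This is an added example, not code from the original answer; the class names, `newResource` and the use of `HTTPBasicAuthFilter` for the BASIC credentials are assumptions.

```java
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import javax.ws.rs.core.HttpHeaders;

// Hypothetical holder class; all names below are illustrative.
public final class NoCacheExample {

    // The header value named in the answer.
    static final String NO_CACHE = "no-cache, no-store";

    /** Client side: stamps Cache-Control on every outgoing request. */
    static final class NoCacheRequestFilter extends ClientFilter {
        @Override
        public ClientResponse handle(ClientRequest request) throws ClientHandlerException {
            request.getHeaders().putSingle(HttpHeaders.CACHE_CONTROL, NO_CACHE);
            return getNext().handle(request);
        }
    }

    /**
     * Server side: stamps Cache-Control on every response of the REST service.
     * Register the class through the Jersey servlet init-param
     * com.sun.jersey.spi.container.ContainerResponseFilters.
     */
    public static final class NoCacheResponseFilter implements ContainerResponseFilter {
        @Override
        public ContainerResponse filter(ContainerRequest request, ContainerResponse response) {
            response.getHttpHeaders().putSingle(HttpHeaders.CACHE_CONTROL, NO_CACHE);
            return response;
        }
    }

    /** Builds a WebResource that sends BASIC credentials and the no-cache header. */
    static WebResource newResource(String baseUri, String user, String password) {
        Client client = Client.create();
        client.addFilter(new HTTPBasicAuthFilter(user, password)); // assumed auth setup
        client.addFilter(new NoCacheRequestFilter());
        return client.resource(baseUri);
    }
}
```

Setting the header in filters rather than per call covers every resource method, so authenticated responses are kept out of the Java Web Start cache even when a new endpoint is added later.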
